CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,816 vulnerabilities with CWE-89
CVE-2022-27379
HIGH
MariaDB 10.3.0-10.3.34 - Denial of Service via Arg_comparator::compare_real_fixed
CVSS 7.5
CVE-2022-27378
HIGH
MariaDB < 10.2.44 - Denial of Service via Create_tmp_table::finalize
CVSS 7.5
CVE-2022-28036
CRITICAL
AtomCMS 2.0 - SQL Injection via Atom.CMS_admin_ajax_navigation.php
CVSS 9.8
CVE-2022-28035
CRITICAL
Thedigitalcraft Atomcms - SQL Injection
CVSS 9.8
CVE-2022-28034
CRITICAL
AtomCMS 2.0 - SQL Injection via Atom.CMS_admin_ajax_list-sort.php
CVSS 9.8
CVE-2022-28033
CRITICAL
Thedigitalcraft Atomcms - SQL Injection
CVSS 9.8
CVE-2022-28032
CRITICAL
AtomCMS 2.0 - SQL Injection via Atom.CMS_admin_ajax_pages.php
CVSS 9.8
CVE-2022-27473
CRITICAL
Roothub 2.6.0 - Unauthenticated SQL Injection via Topics Search Parameter
CVSS 9.8
CVE-2022-27472
CRITICAL
Roothub 2.6.0 - Unauthenticated SQL Injection via Topics Counting Feature
CVSS 9.8
CVE-2022-27165
CRITICAL
CSZ CMS 1.2.2 - SQL Injection via Plugin Manager Status Parameter
CVSS 9.8
CVE-2022-27164
CRITICAL
CSZ CMS 1.2.2 - SQL Injection via cszcms_admin_Users_viewUsers
CVSS 9.8
CVE-2022-27163
CRITICAL
CSZ CMS 1.2.2 - SQL Injection via cszcms_admin_Users_editUser
CVSS 9.8
CVE-2022-27162
CRITICAL
CSZ CMS 1.2.2 - SQL Injection via cszcms_admin_Members_editUser
CVSS 9.8
CVE-2022-27161
CRITICAL
Csz Cms 1.2.2 - SQL Injection via cszcms_admin_Members_viewUsers
CVSS 9.8
CVE-2022-28347
CRITICAL
Django 2.2-2.2.27, 3.2-3.2.12, 4.0-4.0.3 - SQL Injection via QuerySet.explain() Options
CVSS 9.8
CVE-2022-28346
CRITICAL
Django 2.2-2.2.27, 3.2-3.2.12, 4.0-4.0.3 - SQL Injection via QuerySet Column Alias Dictionary Expansion
CVSS 9.8
CVE-2022-24827
HIGH
Elide 6.1.3 - SQL Injection via Parameterized TEXT Column
CVSS 8.1
CVE-2022-24815
HIGH
generator-jhipster 7.0.0-7.8.0 - SQL Injection in Reactive Spring WebFlux Entity Repository
CVSS 8.1
CVE-2022-1023
HIGH
Podcast Importer SecondLine < 1.3.8 - SQL Injection via Malicious Podcast File Import
CVSS 7.2
CVE-2022-1006
HIGH
Advanced Booking Calendar < 1.7.1 - Authenticated SQL Injection via Calendar ID Parameter
CVSS 7.2
CVE-2022-0949
CRITICAL
Block Bad Bots WordPress plugin < 6.930 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2022-27041
HIGH
OpenSIS Classic 8.0 - SQL Injection via Student ID Parameter
CVSS 7.5
CVE-2022-27127
MEDIUM
zbzcms v1.0 - SQL Injection via id Parameter at /php/ajax.php
CVSS 6.5
CVE-2022-27126
CRITICAL
zbzcms v1.0 - SQL Injection via Art Parameter
CVSS 9.8
CVE-2022-28001
CRITICAL
Movie Seat Reservation 1.0 - SQL Injection via id Parameter
CVSS 9.8
Details
Vulnerabilities
19,816
Exploit Likelihood
High